Illegal data sharing by Grindr

By Thomas Vink, 17th August 2022

In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about users to third parties for behaviour-based marketing without a legal basis. The decision followed complaints against Grindr and five adtech companies written by None of Your Business (noyb) and filed by the Norwegian Consumer Council (NCC) in January 2020.

On February 14, 2022, Grindr lodged an appeal against the DPA’s decision, with the appeal being reviewed by the Privacy Appeals Board. NCC together with partners such as noyb, Norwegian law firm Hjort and with assistance from cyber security firm mnemonic are aiming to ensure that the original decision is upheld throughout the appeals process. Meanwhile, NCC are also following up on the progress of the complaints against adtech companies Mopub, Xandr, Open X, Smaato and AdColony in the same case complex.

Illegal data sharing by Grindr

Organisation Name

Norwegian Consumer Council, Forbrukerrådet

Country/Jurisdiction

Norway

Amount Granted

EUR 46,813

Current Status

Case won

Grant type

Litigation Track Support

Description

In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about users to third parties for behaviour-based marketing without a legal basis. The decision followed complaints against Grindr and five adtech companies written by None of Your Business (noyb) and filed by the Norwegian Consumer Council (NCC) in January 2020.

On February 14, 2022, Grindr lodged an appeal against the DPA’s decision, with the appeal being reviewed by the Privacy Appeals Board. NCC together with partners such as noyb, Norwegian law firm Hjort and with assistance from cyber security firm mnemonic are aiming to ensure that the original decision is upheld throughout the appeals process. Meanwhile, NCC are also following up on the progress of the complaints against adtech companies Mopub, Xandr, Open X, Smaato and AdColony in the same case complex.

On 29 September 2023, the Norwegian Privacy Appeals Board (Personvernnemnda) announced that it upholds the Norwegian Data Protection Authority’s fine, affirming that Grindr’s practice of sharing sensitive personal data with third parties is illegal.

"the Norwegian Data Protection Authority issued an administrative fine of NOK 65 million against dating app Grindr for disclosing personal information about users to third parties"

Strategic Goal

To end illegal surveillance advertising and hold the entities responsible to account.

Organisation Name

Women’s Link Worldwide

Image credit: Norwegian Consumer Council